How to configure sudo and delegate authority in openSUSE

Sudo (su “do”) allows a system administrator to delegate authority, giving certain users (or groups of users) the ability to run some (or all) commands as root or another user while providing an audit trail of the commands and their arguments. sudo allows a permitted user to execute a command as the superuser or another user, as specified in the sudoers file. The real and effective uid and gid are set to match those of the target user as specified in the passwd file, and the group vector is initialized based on the group file.

The main configuration file for sudo is /etc/sudoers.

SUDO is going mainstream as more and more distros install it by default and encourage users (especially on Ubuntu) to use sudo rather than running commands and programs directly as root, as a security measure.

While configuring SUDO can look difficult from the outside, it is not so difficult in reality. What's more, the simple GUI in openSUSE makes it even simpler for users.

A simple configuration takes just 4 steps to enable sudo on a user account.

1. Create a User Alias

2. Create a Command Alias

3. Create a RunAs Alias

4. Finally, create a Sudo rule

Here on my openSUSE, I’m allowing my default user “saibaba” to run YaST2 to manage the system. Hence, I’m allowing this user to run YaST (/sbin/yast2), and any argument is permitted (one can also restrict a command to specific arguments).

Start Sudo Configuration Tool

From the Computer menu, click YaST. Enter the root password when prompted. Click “Security and Users” from the left pane. This should launch the “sudo configuration” tool.

1. Create User Alias

A user alias is a variable mapping to a user. While it is not mandatory, it makes the rules clearer and easier to understand. This will later be used in one or more sudo rules.

1. In the left pane of the Sudo configuration tool, select “User Aliases” and then “Add” in the right-pane.

2. Enter an “Alias Name”, then select the user from the “Local and System users”, click “Add” and finally OK.

This adds a User Alias.

2. Create Command Alias

A command alias is a variable mapping to a command, just as a User Alias maps to a user. This will later be used in one or more sudo rules.

1. In the left pane, select “Command Aliases” and then “Add” in the right-pane.

2. Enter an “Alias Name”, then click “Add” under “Command Names or Directories in Alias”.

3. Enter the command with its full path or use the browse button. If you know the command but are not sure of the path, simply open a terminal window and run the which command as follows (some command paths, like /sbin, may not be available to a normal user, so it's better to “su” to root and run the command):

opensuse:~ # which yast2
/sbin/yast2

Optionally, you can also add the arguments/parameters with which alone running the command is permitted. Not entering any parameters will allow the user to run the command with all possible parameters. Click OK and then OK.

This adds the Command Alias.

3. Create RunAs Alias

A RunAs alias is a variable mapping to the user role that will be assigned to the user who runs sudo. The effective UID and GID of the user become those of the RunAs user. This will later be used in one or more sudo rules.

1. In the left pane, select “RunAs Aliases” and then “Add” in the right-pane.

2. Enter an “Alias Name”, then select the user from the “Local and System users”, click “Add” and finally OK.

This adds a RunAs Alias.

Rules for sudo

Now we have all the objects in place, with just one final step to complete: assembling them together. That's what the rules do for sudo.

1. In the left pane, select “Rules for sudo” and click Add in the right pane.
2. Select User or Groups or User Alias from the listbox. Let’s select the User Alias we created earlier.

3. Select “ALL” under “Host or Host Alias”

4. Select “User” or the “RunAs Alias” we created earlier for “RunAs or RunAs Alias“. Select “No Password” so that sudo does not prompt for password authentication.

5. Under “Command to Run“, click Add, select the “Command Alias” we created earlier and click OK, and then OK.

6. Click Finish. That completes the sudo setup.

To check that this works, run the command you set up, prefixed with sudo, from a terminal window as follows:

saibaba@linux-r610:~> sudo /sbin/yast2
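
The four GUI steps above correspond to three alias definitions and one rule line in /etc/sudoers. The following is an added example, not output captured from YaST or code from the original article: it builds those lines for the page's user and command and syntax-checks them with visudo. The alias names YAST_USERS, YAST_CMDS and YAST_RUNAS and the choice of root as the RunAs user are assumptions.

```shell
#!/bin/sh
# Added example. Alias names and root as the RunAs user are assumptions;
# saibaba and /sbin/yast2 are the values used on this page.

# Print a sudoers fragment: $1 = user, $2 = absolute command path, $3 = RunAs user.
sudoers_fragment() {
    user=$1 cmd=$2 runas=$3
    # sudoers matches commands by full path, so refuse anything relative.
    case $cmd in
        /*) ;;
        *) echo "command must be an absolute path: $cmd" >&2; return 1 ;;
    esac
    # Refuse empty names and characters that have a meaning in sudoers syntax
    # (commas, spaces, '=', ':'), which could widen the rule.
    [ -n "$user" ] && [ -n "$runas" ] || { echo "empty user name" >&2; return 1; }
    case $user$runas in
        *[!A-Za-z0-9_.-]*) echo "unexpected character in user name" >&2; return 1 ;;
    esac
    # Steps 1-3 are the alias lines; step 4 is the rule. "ALL" is the host
    # choice and NOPASSWD: mirrors "No Password"; drop it to keep the prompt.
    cat <<EOF
User_Alias  YAST_USERS = $user
Cmnd_Alias  YAST_CMDS  = $cmd
Runas_Alias YAST_RUNAS = $runas
YAST_USERS ALL = (YAST_RUNAS) NOPASSWD: YAST_CMDS
EOF
}

# Write the fragment to a temp file and let visudo parse it before anything
# is installed; a syntax error in the live sudoers file can lock sudo out.
check_fragment() {
    tmp=$(mktemp) || return 1
    sudoers_fragment "$@" > "$tmp" || { rm -f "$tmp"; return 1; }
    if command -v visudo >/dev/null 2>&1; then
        visudo -cf "$tmp" >/dev/null
        rc=$?
    else
        echo "visudo not found; syntax not checked" >&2
        rc=0
    fi
    rm -f "$tmp"
    return $rc
}

# Example: check_fragment saibaba /sbin/yast2 root && echo "fragment parses"
```

Once the rule is in place, running `sudo -l` as saibaba lists the commands the rule grants, which confirms the result without launching YaST.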

Sudo is a lot more customisable, and you can create as many rules as you need with the same user, command and RunAs aliases. Click here to visit the project homepage.
